Page 1 of 2
Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 10:31 am
by craigtho
Hi all,
So I configured my own Nagios core server (version 4.4.3) on Ubuntu 18.04 LTS VM. I have set it up to monitor most of the hosts on my infra, both Linux & Windows. I'm still very new to installing and configuring Nagios so some things are probably not up to scratch on my end.
Nagios server (Ubuntu 18.04) - 192.168.80.44
Host to monitor (Windows 10) - 192.168.60.41
On my web interface, I can see that my machine I'm monitoring has picked up all the defined
check_nt services I have listed in my .cfg directory, so I know that checks are being carried out successfully (at least with
check_nt):
https://imgur.com/a/CG1uE6h
The hosts .cfg file is as follows:
my-pc.cfg- my-pc.cfg
- (3.99 KiB) Downloaded 193 times
When I try to run
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H 192.168.60.41 -p 5666
, I get the following error:
Code: Select all
root@glamon02:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41 -p 5666
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
Similarly:
Code: Select all
root@glamon2:/usr/local/nagios/libexec# sudo ./check_nrpe -H 192.168.60.41 -p 5666 -t 30
CHECK_NRPE STATE CRITICAL: Socket timeout after 30 seconds.
root@glamon2:/usr/local/nagios/libexec# telnet 192.168.60.41 5666
Trying 192.168.60.41...
Connected to 192.168.60.41.
Escape character is '^]'.
My Windows NSCLIENT++ file is as follows (after some changes):
What am I missing? I know its got to be something simple and I need
check_nrpe for part of the monitoring I need on this host.
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 11:31 am
by scottwilkerson
On your Windows server run the following from the cmd prompt:
Code: Select all
cd "C:\Program Files\NSClient++"
nscp settings --activate-module NRPEServer --add-defaults
nscp settings --path /settings/NRPE/server --key "allow arguments" --set true
nscp settings --path /settings/NRPE/server --key "allow nasty characters" --set true
nscp settings --path /settings/NRPE/server --key insecure --set true
nscp settings --path /settings/NRPE/server --key "verify mode" --set none
nscp settings --activate-module CheckExternalScripts --add-defaults
nscp settings --path "/settings/external scripts" --key "allow arguments" --set true
nscp settings --path "/settings/external scripts" --key "allow nasty characters" --set true
the restart nsclient++
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 12:37 pm
by craigtho
Code: Select all
C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key "allow arguments" --set true
C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key "allow nasty characters" --set true
C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key insecure --set true
C:\Program Files\NSClient++>nscp settings --path /settings/NRPE/server --key "verify mode" --set none
C:\Program Files\NSClient++>nscp settings --activate-module CheckExternalScripts --add-defaults
Adding default values
C:\Program Files\NSClient++>nscp settings --path "/settings/external scripts" --key "allow arguments" --set true
C:\Program Files\NSClient++>nscp settings --path "/settings/external scripts" --key "allow nasty characters" --set true
C:\Program Files\NSClient++>net stop nscp
The NSClient++ (x64) service is stopping..
The NSClient++ (x64) service was stopped successfully.
C:\Program Files\NSClient++>netstart nscp
'netstart' is not recognized as an internal or external command,
operable program or batch file.
C:\Program Files\NSClient++>net start nscp
The NSClient++ (x64) service is starting.
The NSClient++ (x64) service was started successfully.
Followed by running a a few commands for experiments sake:
Code: Select all
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41 -p 5666
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41 -p 12489
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 192.168.60.41: 1
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41 -t 30
CHECK_NRPE STATE CRITICAL: Socket timeout after 30 seconds.
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41 -p 5666 -t 30
CHECK_NRPE STATE CRITICAL: Socket timeout after 30 seconds.
root@glamon2:/usr/local/nagios/libexec#
New nsclient.ini attached below:
- nsclient.ini
- nsclient.ini (2)
- (13.43 KiB) Downloaded 165 times
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 1:14 pm
by scottwilkerson
Are you sure port 5666 is open on the Windows and any network firewalls?
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 1:56 pm
by craigtho
Yes, as seen in my original post, I ran a telnet to the Windows machine on port 5666 which connected successfully.
I checked with nmap just to be safe and it's definitely open.
Furthermore, turning off the firewall on Windows still provides a timeout error.
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 2:17 pm
by scottwilkerson
Can you attach the nsclient.log from the machine in question.
Thanks!
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 2:46 pm
by craigtho
I think this is the file you are looking for:
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 2:56 pm
by scottwilkerson
Can I have you try adding
under the section
to the nsclient.ini and then restart nsclient++
Also, what version of NSClient++ are you using?
How about check_nrpe on the Nagios server?
Code: Select all
/usr/local/nagios/libexec/check_nrpe -h|head -5
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 3:36 pm
by craigtho
Changes were made to the nsclient.ini file as seen in here:
Then on Nagios Server (running an nmap just for demonstration purposes):
Code: Select all
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -H 192.168.60.41 -p 5666 -t 30
CHECK_NRPE STATE CRITICAL: Socket timeout after 30 seconds.
root@glamon2:/usr/local/nagios/libexec# nmap -Pn 192.168.60.41 -p 5666
Starting Nmap 7.60 ( https://nmap.org ) at 2019-09-16 20:33 UTC
Nmap scan report for my-pc.my.domain (192.168.60.41)
Host is up (0.00056s latency).
PORT STATE SERVICE
5666/tcp open nrpe
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
root@glamon2:/usr/local/nagios/libexec# nmap -Pn 192.168.60.41 -p 12489
Starting Nmap 7.60 ( https://nmap.org ) at 2019-09-16 20:33 UTC
Nmap scan report for my-pc.my.domain (192.168.60.41)
Host is up (0.00053s latency).
PORT STATE SERVICE
12489/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
root@glamon2:/usr/local/nagios/libexec# ./check_nrpe -h | head -5
NRPE Plugin for Nagios
Version: 3.2.1
Copyright (c) 2009-2017 Nagios Enterprises
1999-2008 Ethan Galstad ([email protected])
Still unsure as why its timing out. I had been reading the forums for hours on this to see if anyone had the same issue with NRPE on Windows
Re: Can't get check_nrpe to work on Windows host
Posted: Mon Sep 16, 2019 3:48 pm
by scottwilkerson
Can you make a backup of your nsclient.ini and try this one that I know is working on my system
You have a few extraneous settings in yours (like blank certificate and custom allowed ciphers) but this should work